Hello,
+ +Your account on the Unity cluster has been deactivated.
+ +If you believe this to be a mistake, please reply to this email as soon as possible.
diff --git a/resources/mail/user_created.php b/resources/mail/user_qualified.php similarity index 84% rename from resources/mail/user_created.php rename to resources/mail/user_qualified.php index 4298e777..512930c3 100644 --- a/resources/mail/user_created.php +++ b/resources/mail/user_qualified.php @@ -1,7 +1,7 @@ Subject = "User Created"; ?> +// this template is sent when a user account becomes qualified +$this->Subject = "User Activated"; ?>Hello,
diff --git a/test/functional/NewUserTest.php b/test/functional/NewUserTest.php deleted file mode 100644 index 30a12bd7..00000000 --- a/test/functional/NewUserTest.php +++ /dev/null @@ -1,333 +0,0 @@ -assertEquals( - $expected, - $SQL->requestExists($USER->uid, UnitySQL::REQUEST_BECOME_PI), - ); - } - - private function assertRequestedMembership(bool $expected, string $gid) - { - global $USER, $SQL; - $this->assertEquals($expected, $SQL->requestExists($USER->uid, $gid)); - } - - private function requestGroupCreation() - { - http_post(__DIR__ . "/../../webroot/panel/new_account.php", [ - "new_user_sel" => "pi", - "eula" => "agree", - "confirm_pi" => "agree", - ]); - } - - private function requestGroupMembership(string $gid_or_mail) - { - http_post(__DIR__ . "/../../webroot/panel/new_account.php", [ - "new_user_sel" => "not_pi", - "eula" => "agree", - "pi" => $gid_or_mail, - ]); - } - - private function cancelAllRequests() - { - http_post( - __DIR__ . "/../../webroot/panel/new_account.php", - ["cancel" => "true"], // value of cancel is arbitrary - ); - } - - private function approveUserByAdmin($gid, $uid) - { - http_post(__DIR__ . "/../../webroot/admin/pi-mgmt.php", [ - "form_type" => "reqChild", - "action" => "Approve", - "pi" => $gid, - "uid" => $uid, - ]); - } - - private function approveUserByPI($uid) - { - http_post(__DIR__ . "/../../webroot/panel/pi.php", [ - "form_type" => "userReq", - "action" => "Approve", - "uid" => $uid, - ]); - } - - private function approveGroup($uid) - { - http_post(__DIR__ . "/../../webroot/admin/pi-mgmt.php", [ - "form_type" => "req", - "action" => "Approve", - "uid" => $uid, - ]); - } - - #[DataProvider("provider")] - public function testCreateUserByJoinGoupByPI($user_to_create_args, $expected_uid_gid) - { - global $USER, $SSO, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK; - $pi_user_args = getUserIsPIHasNoMembersNoMemberRequests(); - switchUser(...$pi_user_args); - $pi_group = $USER->getPIGroup(); - $gid = $pi_group->gid; - switchUser(...$user_to_create_args); - $this->assertTrue(!$USER->exists()); - $newOrg = new UnityOrg($SSO["org"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK); - $this->assertTrue(!$newOrg->exists()); - $this->assertTrue($pi_group->exists()); - $this->assertTrue(!$pi_group->memberExists($USER)); - $this->assertRequestedMembership(false, $gid); - try { - $this->requestGroupMembership($pi_group->gid); - $this->assertRequestedMembership(true, $gid); - - // $second_request_failed = false; - // try { - $this->requestGroupMembership($pi_group->gid); - // } catch(Exception) { - // $second_request_failed = true; - // } - // $this->assertTrue($second_request_failed); - $this->assertRequestedMembership(true, $gid); - - $this->cancelAllRequests(); - $this->assertRequestedMembership(false, $gid); - - $this->requestGroupMembership($pi_group->gid); - $this->assertTrue($pi_group->requestExists($USER)); - $this->assertRequestedMembership(true, $gid); - - $REDIS->flushAll(); // regression test: flush used to break requests - - $approve_uid = $SSO["user"]; - switchUser(...$pi_user_args); - $this->approveUserByPI($approve_uid); - switchUser(...$user_to_create_args); - - $this->assertTrue(!$pi_group->requestExists($USER)); - $this->assertRequestedMembership(false, $gid); - $this->assertTrue($pi_group->memberExists($USER)); - $this->assertTrue($USER->exists()); - $this->assertTrue($newOrg->exists()); - - $user_entry = $LDAP->getUserEntry($approve_uid); - $qualified_user_group_entry = $LDAP->getGroupEntry($approve_uid); - $this->assertEquals($expected_uid_gid, $user_entry->getAttribute("uidnumber")[0]); - $this->assertEquals( - $expected_uid_gid, - $qualified_user_group_entry->getAttribute("gidnumber")[0], - ); - - // $third_request_failed = false; - // try { - $this->requestGroupMembership($pi_group->gid); - // } catch(Exception) { - // $third_request_failed = true; - // } - // $this->assertTrue($third_request_failed); - $this->assertRequestedMembership(false, $gid); - $this->assertTrue(!$pi_group->requestExists($USER)); - } finally { - switchUser(...$user_to_create_args); - ensureOrgGroupDoesNotExist(); - ensureUserNotInPIGroup($pi_group); - ensureUserDoesNotExist(); - } - } - - public function testCreateMultipleUsersByJoinGoupByPI() - { - global $USER, $SSO, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK; - $pi_user_args = getUserIsPIHasNoMembersNoMemberRequests(); - switchUser(...$pi_user_args); - $pi_group = $USER->getPIGroup(); - $gid = $pi_group->gid; - $this->assertTrue($pi_group->exists()); - $users_to_create_args = getNonexistentUsersWithExistentOrg(); - try { - foreach ($users_to_create_args as $user_to_create_args) { - switchUser(...$user_to_create_args); - $this->assertTrue(!$USER->exists()); - $this->assertTrue(!$pi_group->memberExists($USER)); - $this->assertRequestedMembership(false, $gid); - $this->requestGroupMembership($pi_group->gid); - $this->assertRequestedMembership(true, $gid); - $approve_uid = $USER->uid; - switchUser(...$pi_user_args); - // $this->assertTrue(!$pi_group->memberExists($USER)); - $this->approveUserByPI($approve_uid); - switchUser(...$user_to_create_args); - $this->assertTrue(!$pi_group->requestExists($USER)); - $this->assertRequestedMembership(false, $gid); - $this->assertTrue($pi_group->memberExists($USER)); - $this->assertTrue($USER->exists()); - } - } finally { - foreach ($users_to_create_args as $user_to_create_args) { - switchUser(...$user_to_create_args); - ensureUserNotInPIGroup($pi_group); - ensureUserDoesNotExist(); - } - } - } - - #[DataProvider("provider")] - public function testCreateUserByJoinGoupByAdmin($user_to_create_args, $expected_uid_gid) - { - global $USER, $SSO, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK; - switchUser(...getUserIsPIHasNoMembersNoMemberRequests()); - $pi_group = $USER->getPIGroup(); - $gid = $pi_group->gid; - switchUser(...$user_to_create_args); - $this->assertTrue(!$USER->exists()); - $newOrg = new UnityOrg($SSO["org"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK); - $this->assertTrue(!$newOrg->exists()); - $this->assertTrue($pi_group->exists()); - $this->assertTrue(!$pi_group->memberExists($USER)); - $this->assertRequestedMembership(false, $gid); - try { - $this->requestGroupMembership($pi_group->gid); - $this->assertRequestedMembership(true, $gid); - - // $second_request_failed = false; - // try { - $this->requestGroupMembership($pi_group->gid); - // } catch(Exception) { - // $second_request_failed = true; - // } - // $this->assertTrue($second_request_failed); - $this->assertRequestedMembership(true, $gid); - - $this->cancelAllRequests(); - $this->assertRequestedMembership(false, $gid); - - $this->requestGroupMembership($pi_group->getOwner()->getMail()); - $this->assertTrue($pi_group->requestExists($USER)); - $this->assertRequestedMembership(true, $gid); - - $REDIS->flushAll(); // regression test: flush used to break requests - - $approve_uid = $SSO["user"]; - switchUser(...getAdminUser()); - $this->approveUserByAdmin($gid, $approve_uid); - switchUser(...$user_to_create_args); - - $this->assertTrue(!$pi_group->requestExists($USER)); - $this->assertRequestedMembership(false, $gid); - $this->assertTrue($pi_group->memberExists($USER)); - $this->assertTrue($USER->exists()); - $this->assertTrue($newOrg->exists()); - - $user_entry = $LDAP->getUserEntry($approve_uid); - $qualified_user_group_entry = $LDAP->getGroupEntry($approve_uid); - $this->assertEquals($expected_uid_gid, $user_entry->getAttribute("uidnumber")[0]); - $this->assertEquals( - $expected_uid_gid, - $qualified_user_group_entry->getAttribute("gidnumber")[0], - ); - - // $third_request_failed = false; - // try { - $this->requestGroupMembership($pi_group->gid); - // } catch(Exception) { - // $third_request_failed = true; - // } - // $this->assertTrue($third_request_failed); - $this->assertRequestedMembership(false, $gid); - $this->assertTrue(!$pi_group->requestExists($USER)); - } finally { - switchUser(...$user_to_create_args); - ensureOrgGroupDoesNotExist(); - ensureUserNotInPIGroup($pi_group); - ensureUserDoesNotExist(); - } - } - - #[DataProvider("provider")] - public function testCreateUserByCreateGroup($user_to_create_args, $expected_uid_gid) - { - global $USER, $SSO, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK; - switchuser(...$user_to_create_args); - $pi_group = $USER->getPIGroup(); - $this->assertTrue(!$USER->exists()); - $this->assertTrue(!$pi_group->exists()); - $newOrg = new UnityOrg($SSO["org"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK); - $this->assertTrue(!$newOrg->exists()); - try { - $this->requestGroupCreation(); - $this->assertRequestedPIGroup(true); - - // $second_request_failed = false; - // try { - $this->requestGroupCreation(); - // } catch(Exception) { - // $second_request_failed = true; - // } - // $this->assertTrue($second_request_failed); - $this->assertRequestedPIGroup(true); - - $this->cancelAllRequests(); - $this->assertRequestedPIGroup(false); - - $this->requestGroupCreation(); - $this->assertRequestedPIGroup(true); - - $REDIS->flushAll(); // regression test: flush used to break requests - - $approve_uid = $SSO["user"]; - switchUser(...getAdminUser()); - $this->approveGroup($approve_uid); - switchUser(...$user_to_create_args); - - $this->assertRequestedPIGroup(false); - $this->assertTrue($pi_group->exists()); - $this->assertTrue($USER->exists()); - $this->assertTrue($newOrg->exists()); - - $user_entry = $LDAP->getUserEntry($approve_uid); - $qualified_user_group_entry = $LDAP->getGroupEntry($approve_uid); - $this->assertEquals($expected_uid_gid, $user_entry->getAttribute("uidnumber")[0]); - $this->assertEquals( - $expected_uid_gid, - $qualified_user_group_entry->getAttribute("gidnumber")[0], - ); - - // $third_request_failed = false; - // try { - $this->requestGroupCreation(); - // } catch(Exception) { - // $third_request_failed = true; - // } - // $this->assertTrue($third_request_failed); - $this->assertRequestedPIGroup(false); - } finally { - switchUser(...$user_to_create_args); - ensureOrgGroupDoesNotExist(); - ensurePIGroupDoesNotExist(); - ensureUserDoesNotExist(); - } - } -} diff --git a/test/functional/PIBecomeApproveTest.php b/test/functional/PIBecomeApproveTest.php new file mode 100644 index 00000000..2b741a45 --- /dev/null +++ b/test/functional/PIBecomeApproveTest.php @@ -0,0 +1,94 @@ +assertEquals( + $expected, + $SQL->requestExists($USER->uid, UnitySQL::REQUEST_BECOME_PI), + ); + } + + private function requestGroupCreation() + { + http_post(__DIR__ . "/../../webroot/panel/account.php", [ + "form_type" => "pi_request", + "tos" => "agree", + "account_policy" => "agree", + ]); + } + + private function cancelRequestGroupCreation() + { + http_post(__DIR__ . "/../../webroot/panel/account.php", [ + "form_type" => "cancel_pi_request", + ]); + } + + private function approveGroup($uid) + { + http_post(__DIR__ . "/../../webroot/admin/pi-mgmt.php", [ + "form_type" => "req", + "action" => "Approve", + "uid" => $uid, + ]); + } + + public function testApprovePI() + { + global $USER, $SSO, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK; + $user_to_qualify_args = getUnqualifiedUser(); + switchuser(...$user_to_qualify_args); + $pi_group = $USER->getPIGroup(); + $this->assertTrue($USER->exists()); + $this->assertTrue(!$pi_group->exists()); + try { + $this->requestGroupCreation(); + $this->assertRequestedPIGroup(true); + + // $second_request_failed = false; + // try { + $this->requestGroupCreation(); + // } catch(Exception) { + // $second_request_failed = true; + // } + // $this->assertTrue($second_request_failed); + $this->assertRequestedPIGroup(true); + + $this->cancelRequestGroupCreation(); + $this->assertRequestedPIGroup(false); + + $this->requestGroupCreation(); + $this->assertRequestedPIGroup(true); + + $REDIS->flushAll(); // regression test: flush used to break requests + + $approve_uid = $SSO["user"]; + switchUser(...getAdminUser()); + $this->approveGroup($approve_uid); + switchUser(...$user_to_qualify_args); + + $this->assertRequestedPIGroup(false); + $this->assertTrue($pi_group->exists()); + $this->assertTrue($USER->isQualified()); + + // $third_request_failed = false; + // try { + $this->requestGroupCreation(); + // } catch(Exception) { + // $third_request_failed = true; + // } + // $this->assertTrue($third_request_failed); + $this->assertRequestedPIGroup(false); + } finally { + switchUser(...$user_to_qualify_args); + ensurePIGroupDoesNotExist(); + } + } +} diff --git a/test/functional/PIMemberRequestTest.php b/test/functional/PIMemberRequestTest.php index 7a913d67..cea66ae7 100644 --- a/test/functional/PIMemberRequestTest.php +++ b/test/functional/PIMemberRequestTest.php @@ -3,7 +3,7 @@ use PHPUnit\Framework\TestCase; use UnityWebPortal\lib\UnitySQL; -class PiMemberRequestTest extends TestCase +class PIMemberRequestTest extends TestCase { private function requestMembership(string $gid_or_mail) { @@ -32,7 +32,7 @@ public function testRequestMembership() $this->assertTrue($USER->isPI()); $this->assertTrue($pi_group->exists()); $this->assertEqualsCanonicalizing([$pi], $pi_group->getGroupMembers()); - $this->assertEquals([], $SQL->getRequests($gid)); + $this->assertEqualsCanonicalizing([], $SQL->getRequests($gid)); switchUser(...getUserNotPiNotRequestedBecomePi()); $uid = $USER->uid; $this->assertFalse($USER->isPI()); diff --git a/test/functional/PiBecomeRequestTest.php b/test/functional/PiBecomeRequestTest.php index d1306c46..5714a6b9 100644 --- a/test/functional/PiBecomeRequestTest.php +++ b/test/functional/PiBecomeRequestTest.php @@ -3,7 +3,7 @@ use PHPUnit\Framework\TestCase; use UnityWebPortal\lib\UnitySQL; -class PiBecomeRequestTest extends TestCase +class PIBecomeRequestTest extends TestCase { private function assertNumberPiBecomeRequests(int $x) { @@ -41,6 +41,8 @@ public function testRequestBecomePi() try { http_post(__DIR__ . "/../../webroot/panel/account.php", [ "form_type" => "pi_request", + "tos" => "agree", + "account_policy" => "agree", ]); $this->assertNumberPiBecomeRequests(1); http_post(__DIR__ . "/../../webroot/panel/account.php", [ @@ -49,10 +51,14 @@ public function testRequestBecomePi() $this->assertNumberPiBecomeRequests(0); http_post(__DIR__ . "/../../webroot/panel/account.php", [ "form_type" => "pi_request", + "tos" => "agree", + "account_policy" => "agree", ]); $this->assertNumberPiBecomeRequests(1); http_post(__DIR__ . "/../../webroot/panel/account.php", [ "form_type" => "pi_request", + "tos" => "agree", + "account_policy" => "agree", ]); $this->assertNumberPiBecomeRequests(1); } finally { @@ -72,6 +78,8 @@ public function testRequestBecomePiUserRequestedAccountDeletion() try { http_post(__DIR__ . "/../../webroot/panel/account.php", [ "form_type" => "pi_request", + "tos" => "agree", + "account_policy" => "agree", ]); $this->assertNumberPiBecomeRequests(0); } finally { diff --git a/test/functional/PiMemberApproveTest.php b/test/functional/PiMemberApproveTest.php index c861df13..3ad8a7d3 100644 --- a/test/functional/PiMemberApproveTest.php +++ b/test/functional/PiMemberApproveTest.php @@ -1,106 +1,206 @@ "userReq", - "action" => "Approve", - "uid" => $uid, - ]); + sort($expected_members); + $found_members = $group->getGroupMemberUIDs(); + sort($found_members); + $this->assertEqualsCanonicalizing($expected_members, $found_members); + } + + private function assertRequestedMembership(bool $expected, string $gid) + { + global $USER, $SQL; + $this->assertEquals($expected, $SQL->requestExists($USER->uid, $gid)); } - private function requestJoinPI(string $gid) + private function requestGroupMembership(string $gid_or_mail) { http_post(__DIR__ . "/../../webroot/panel/groups.php", [ "form_type" => "addPIform", - "pi" => $gid, "tos" => "agree", + "pi" => $gid_or_mail, ]); } - private function assertGroupMembers(UnityGroup $group, array $members) + private function cancelRequestGroupMembership($gid) { - $this->assertEqualsCanonicalizing($members, $group->getGroupMemberUIDs()); + http_post(__DIR__ . "/../../webroot/panel/groups.php", [ + "form_type" => "cancelPIForm", + "pi" => $gid, + ]); } - public function testApproveRequest() + private function approveUserByAdmin($gid, $uid) { - global $USER; - $userSwitchArgs = getNormalUser(); - $piSwitchArgs = getUserIsPIHasNoMembersNoMemberRequests(); - switchUser(...$userSwitchArgs); - $user = $USER; - $uid = $USER->uid; - switchUser(...$piSwitchArgs); - $piUID = $USER->uid; - $piGroup = $USER->getPIGroup(); + http_post(__DIR__ . "/../../webroot/admin/pi-mgmt.php", [ + "form_type" => "reqChild", + "action" => "Approve", + "pi" => $gid, + "uid" => $uid, + ]); + } - $this->assertTrue($piGroup->exists()); - $this->assertGroupMembers($piGroup, [$piUID]); - $this->assertEmpty($piGroup->getRequests()); - try { - switchUser(...$userSwitchArgs); - $this->requestJoinPI($piGroup->gid); - $this->assertFalse($piGroup->memberExists($user)); - - switchUser(...$piSwitchArgs); - $this->approveUser($uid); - $this->assertTrue(!$piGroup->requestExists($user)); - $this->assertEmpty($piGroup->getRequests()); - $this->assertGroupMembers($piGroup, [$piUID, $uid]); - $this->assertTrue($piGroup->memberExists($user)); - } finally { - if ($piGroup->memberExists($user)) { - $piGroup->removeUser($user); - } - if ($piGroup->requestExists($user)) { - $piGroup->cancelGroupJoinRequest($user); - } - } + private function approveUserByPI($uid) + { + http_post(__DIR__ . "/../../webroot/panel/pi.php", [ + "form_type" => "userReq", + "action" => "Approve", + "uid" => $uid, + ]); } public function testApproveNonexistentRequest() { global $USER; - switchUser(...getNormalUser2()); + $user_args = getNormalUser2(); + switchUser(...$user_args); $user = $USER; $uid = $USER->uid; switchUser(...getUserIsPIHasNoMembersNoMemberRequests()); $piUID = $USER->uid; $piGroup = $USER->getPIGroup(); - $this->assertTrue($piGroup->exists()); $this->assertGroupMembers($piGroup, [$piUID]); $this->assertEmpty($piGroup->getRequests()); $this->assertFalse($piGroup->memberExists($user)); $this->assertEmpty($piGroup->getRequests()); try { - $this->expectException(Exception::class); - $piGroup->approveUser($user); + $this->expectException(Exception::class); // FIXME more specific exception type + $this->approveUserByPI($uid); + } finally { + switchUser(...$user_args); + ensureUserNotInPIGroup($piGroup); + } + } + public function testApproveMemberByPI() + { + global $USER, $SSO, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK; + $user_to_approve_args = getUnqualifiedUser(); + $pi_user_args = getUserIsPIHasNoMembersNoMemberRequests(); + switchUser(...$pi_user_args); + $pi_uid = $USER->uid; + $pi_group = $USER->getPIGroup(); + $gid = $pi_group->gid; + switchUser(...$user_to_approve_args); + $this->assertTrue($USER->exists()); + $this->assertTrue($pi_group->exists()); + $this->assertGroupMembers($pi_group, [$pi_uid]); + $this->assertTrue(!$pi_group->memberExists($USER)); + $this->assertRequestedMembership(false, $gid); + try { + $this->requestGroupMembership($pi_group->gid); + $this->assertRequestedMembership(true, $gid); + + // $second_request_failed = false; + // try { + $this->requestGroupMembership($pi_group->gid); + // } catch(Exception) { + // $second_request_failed = true; + // } + // $this->assertTrue($second_request_failed); + $this->assertRequestedMembership(true, $gid); + + $this->cancelRequestGroupMembership($gid); + $this->assertRequestedMembership(false, $gid); + + $this->requestGroupMembership($pi_group->gid); + $this->assertTrue($pi_group->requestExists($USER)); + $this->assertRequestedMembership(true, $gid); + + $REDIS->flushAll(); // regression test: flush used to break requests + + $approve_uid = $SSO["user"]; + switchUser(...$pi_user_args); + $this->approveUserByPI($approve_uid); + switchUser(...$user_to_approve_args); + + $this->assertTrue(!$pi_group->requestExists($USER)); + $this->assertRequestedMembership(false, $gid); + $this->assertTrue($pi_group->memberExists($USER)); + $this->assertTrue($USER->isQualified()); + + // $third_request_failed = false; + // try { + $this->requestGroupMembership($pi_group->gid); + // } catch(Exception) { + // $third_request_failed = true; + // } + // $this->assertTrue($third_request_failed); + $this->assertRequestedMembership(false, $gid); + $this->assertTrue(!$pi_group->requestExists($USER)); + } finally { + switchUser(...$user_to_approve_args); + ensureUserNotInPIGroup($pi_group); + $this->assertGroupMembers($pi_group, [$pi_uid]); + } + } + + public function testApproveMemberByAdmin() + { + global $USER, $SSO, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK; + $user_to_approve_args = getUnqualifiedUser(); + switchUser(...getUserIsPIHasNoMembersNoMemberRequests()); + $pi_group = $USER->getPIGroup(); + $pi_uid = $USER->uid; + $gid = $pi_group->gid; + switchUser(...$user_to_approve_args); + $this->assertTrue($USER->exists()); + $this->assertTrue($pi_group->exists()); + $this->assertGroupMembers($pi_group, [$pi_uid]); + $this->assertTrue(!$pi_group->memberExists($USER)); + $this->assertRequestedMembership(false, $gid); + try { + $this->requestGroupMembership($pi_group->gid); + $this->assertRequestedMembership(true, $gid); + + // $second_request_failed = false; + // try { + $this->requestGroupMembership($pi_group->gid); + // } catch(Exception) { + // $second_request_failed = true; + // } + // $this->assertTrue($second_request_failed); + $this->assertRequestedMembership(true, $gid); + + $this->cancelRequestGroupMembership($gid); + $this->assertRequestedMembership(false, $gid); + + $this->requestGroupMembership($pi_group->getOwner()->getMail()); + $this->assertTrue($pi_group->requestExists($USER)); + $this->assertRequestedMembership(true, $gid); + + $REDIS->flushAll(); // regression test: flush used to break requests + + $approve_uid = $SSO["user"]; + switchUser(...getAdminUser()); + $this->approveUserByAdmin($gid, $approve_uid); + switchUser(...$user_to_approve_args); + + $this->assertTrue(!$pi_group->requestExists($USER)); + $this->assertRequestedMembership(false, $gid); + $this->assertTrue($pi_group->memberExists($USER)); + $this->assertTrue($USER->isQualified()); + + // $third_request_failed = false; + // try { + $this->requestGroupMembership($pi_group->gid); + // } catch(Exception) { + // $third_request_failed = true; + // } + // $this->assertTrue($third_request_failed); + $this->assertRequestedMembership(false, $gid); + $this->assertTrue(!$pi_group->requestExists($USER)); } finally { - if ($piGroup->memberExists($user)) { - $piGroup->removeUser($user); - } + switchUser(...$user_to_approve_args); + ensureUserNotInPIGroup($pi_group); + $this->assertGroupMembers($pi_group, [$pi_uid]); } } } diff --git a/test/functional/PiMemberDenyTest.php b/test/functional/PiMemberDenyTest.php index ad68e156..aa3092c5 100644 --- a/test/functional/PiMemberDenyTest.php +++ b/test/functional/PiMemberDenyTest.php @@ -3,8 +3,9 @@ use PHPUnit\Framework\TestCase; use PHPUnit\Framework\Attributes\DataProvider; use UnityWebPortal\lib\UnityUser; +use function PHPUnit\Framework\assertEquals; -class PiMemberDenyTest extends TestCase +class PIMemberDenyTest extends TestCase { static $requestUid; @@ -35,13 +36,7 @@ public function testDenyRequest() $this->assertEmpty($piGroup->getRequests()); $requestedUser = new UnityUser(self::$requestUid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK); try { - $piGroup->newUserRequest( - $requestedUser, - $requestedUser->getFirstname(), - $requestedUser->getLastname(), - $requestedUser->getMail(), - $requestedUser->getOrg(), - ); + $piGroup->newUserRequest($requestedUser); $this->assertFalse($piGroup->memberExists($requestedUser)); $piGroup->denyUser($requestedUser); diff --git a/test/functional/PiRemoveUserTest.php b/test/functional/PiRemoveUserTest.php index 6118ad6c..954e01b8 100644 --- a/test/functional/PiRemoveUserTest.php +++ b/test/functional/PiRemoveUserTest.php @@ -4,7 +4,7 @@ use PHPUnit\Framework\Attributes\DataProvider; use UnityWebPortal\lib\UnityUser; -class PiRemoveUserTest extends TestCase +class PIRemoveUserTest extends TestCase { private function removeUser(string $uid) { @@ -44,13 +44,7 @@ public function testRemoveUser() $this->assertFalse($piGroup->memberExists($memberToDelete)); } finally { if (!$piGroup->memberExists($memberToDelete)) { - $piGroup->newUserRequest( - $memberToDelete, - $memberToDelete->getFirstname(), - $memberToDelete->getLastname(), - $memberToDelete->getMail(), - $memberToDelete->getOrg(), - ); + $piGroup->newUserRequest($memberToDelete); $piGroup->approveUser($memberToDelete); } } @@ -70,13 +64,7 @@ public function testRemovePIFromTheirOwnGroup() $this->assertTrue($piGroup->memberExists($pi)); } finally { if (!$piGroup->memberExists($pi)) { - $piGroup->newUserRequest( - $pi, - $pi->getFirstname(), - $pi->getLastname(), - $pi->getMail(), - $pi->getOrg(), - ); + $piGroup->newUserRequest($pi); $piGroup->approveUser($pi); } } diff --git a/test/functional/RegisterUserTest.php b/test/functional/RegisterUserTest.php new file mode 100644 index 00000000..a51c7309 --- /dev/null +++ b/test/functional/RegisterUserTest.php @@ -0,0 +1,45 @@ + "agree"]); + } + + #[DataProvider("provider")] + public function testRegisterUserAndCreateOrg($user_to_register_args, $expected_uid_gid) + { + global $USER, $SSO, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK; + switchuser(...$user_to_register_args); + $user_entry = $LDAP->getUserEntry($USER->uid); + $user_group_entry = $LDAP->getGroupEntry($USER->uid); + $org_entry = $LDAP->getOrgGroupEntry($SSO["org"]); + $this->assertTrue(!$user_entry->exists()); + $this->assertTrue(!$user_group_entry->exists()); + $this->assertTrue(!$org_entry->exists()); + try { + $this->register(); + $this->assertTrue($user_entry->exists()); + $this->assertTrue($user_group_entry->exists()); + $this->assertTrue($org_entry->exists()); + $this->assertEquals($expected_uid_gid, $user_entry->getAttribute("uidnumber")[0]); + $this->assertEquals($expected_uid_gid, $user_group_entry->getAttribute("gidnumber")[0]); + } finally { + ensureOrgGroupDoesNotExist(); + ensureUserDoesNotExist(); + } + } +} diff --git a/test/phpunit-bootstrap.php b/test/phpunit-bootstrap.php index c4c2af03..2091029e 100644 --- a/test/phpunit-bootstrap.php +++ b/test/phpunit-bootstrap.php @@ -181,17 +181,17 @@ function ensureUserDoesNotExist() $USER->getGroupEntry()->delete(); ensure(!$USER->getGroupEntry()->exists()); } - $all_users_group = $LDAP->getQualifiedUserGroup(); - $all_member_uids = $all_users_group->getAttribute("memberuid"); + $qualified_users_group = $LDAP->getQualifiedUserGroup(); + $all_member_uids = $qualified_users_group->getAttribute("memberuid"); if (in_array($USER->uid, $all_member_uids)) { - $all_users_group->setAttribute( + $qualified_users_group->setAttribute( "memberuid", // array_diff will break the contiguity of the array indexes // ldap_mod_replace requires contiguity, array_values restores contiguity array_values(array_diff($all_member_uids, [$USER->uid])), ); - $all_users_group->write(); - ensure(!in_array($USER->uid, $all_users_group->getAttribute("memberuid"))); + $qualified_users_group->write(); + ensure(!in_array($USER->uid, $qualified_users_group->getAttribute("memberuid"))); } $default_value_getter = [$LDAP, "getSortedQualifiedUsersForRedis"]; $REDIS->removeCacheArray("sorted_qualified_users", "", $USER->uid, $default_value_getter); @@ -291,6 +291,11 @@ function getNonExistentUser() return ["user2001@org998.test", "foo", "bar", "user2001@org998.test"]; } +function getUnqualifiedUser() +{ + return ["user2005@org1.test", "foo", "bar", "user2005@org1.test"]; +} + function getNonexistentUsersWithExistentOrg() { return [ @@ -316,15 +321,15 @@ function getMultipleValueAttributesAndExpectedSSO() { return [ [ - "REMOTE_USER" => "user2003@org998.test", + "REMOTE_USER" => "user2003@org1.test", "givenName" => "foo;foo", "sn" => "bar;bar", - "mail" => "user2003@org998.test;user2003@org998.test", + "mail" => "user2003@org1.test;user2003@org1.test", ], [ "firstname" => "foo", "lastname" => "bar", - "mail" => "user2003@org998.test", + "mail" => "user2003@org1.test", ], ]; } diff --git a/tools/docker-dev/identity/bootstrap.ldif b/tools/docker-dev/identity/bootstrap.ldif index 6f78b020..ff979344 100644 --- a/tools/docker-dev/identity/bootstrap.ldif +++ b/tools/docker-dev/identity/bootstrap.ldif @@ -9178,6 +9178,12 @@ gidnumber: 1956 objectclass: posixGroup objectclass: top +dn: cn=user2005_org1_test,ou=groups,dc=unityhpc,dc=test +cn: user2005_org1_test +gidnumber: 33130 +objectclass: posixGroup +objectclass: top + dn: ou=org_groups,dc=unityhpc,dc=test objectclass: organizationalUnit objectclass: top @@ -37206,3 +37212,20 @@ sshpublickey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6DRkoDjDgI39kKmuUAgMC18+O3o sshpublickey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLCxBujVxoB5T95BAQfwlG0cQSGldVap3w/cNAHobgaa9rOcino2Dw5EHXQl+O0yrDGRRQ1sEIZrTLhHNcWLUZ1d6exSRfg8AvjghAczKNi7H8oLMCp4hMVz3RzqozZaxhXDYQb1n4igf8jtX/VBvixEgSkDrRxPCFFkr14CT0xXhR02fnoFSMbedtXphClTiF6ry94mzl91CkdWP9JHY1w8LCJh6wlXCyiIorydoADPAjFIw766TRe2eUNHn0gDPVrF8KUhaYDW8wKG6u8PORotNBr3zw/QRCjpgbwh1w6xNZti/N+rEjczFTnECmlcOkDrkw5j4OqiLEIBw3j9vF uid: user1304_org1_test uidnumber: 1956 + +dn: cn=user2005_org1_test,ou=users,dc=unityhpc,dc=test +cn: user2005_org1_test +gidnumber: 33130 +givenname: Givenname +homedirectory: /home/user2005_org1_test +loginshell: /bin/bash +mail: user2005@org1.test +o: org1_test +objectclass: inetOrgPerson +objectclass: posixAccount +objectclass: top +objectclass: ldapPublicKey +sn: Surname +gecos: Givenname Surname +uid: user2005_org1_test +uidnumber: 33130 diff --git a/tools/docker-dev/sql/bootstrap.sql b/tools/docker-dev/sql/bootstrap.sql index d8c6ac8d..7efb5722 100644 --- a/tools/docker-dev/sql/bootstrap.sql +++ b/tools/docker-dev/sql/bootstrap.sql @@ -124,10 +124,6 @@ CREATE TABLE `requests` ( `id` int(11) NOT NULL, `request_for` varchar(131) NOT NULL, `uid` varchar(128) NOT NULL, - `firstname` varchar(768) NOT NULL, - `lastname` varchar(768) NOT NULL, - `email` varchar(768) NOT NULL, - `org` varchar(768) NOT NULL, `timestamp` timestamp NOT NULL DEFAULT current_timestamp() ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; diff --git a/tools/docker-dev/web/Dockerfile b/tools/docker-dev/web/Dockerfile index a65eee49..22e1d472 100644 --- a/tools/docker-dev/web/Dockerfile +++ b/tools/docker-dev/web/Dockerfile @@ -28,6 +28,8 @@ RUN sed -i '/display_errors/c\display_errors = on' /etc/php/8.3/apache2/php.ini RUN sed -i '/zend.assertions/c\zend.assertions = 1' /etc/php/8.3/apache2/php.ini RUN sed -i '/zend.assertions/c\zend.assertions = 1' /etc/php/8.3/cli/php.ini RUN sed -i '/memory_limit/c\memory_limit = -1' /etc/php/8.3/apache2/php.ini +RUN sed -i '/zend.exception_ignore_args/c\zend.exception_ignore_args = 0' /etc/php/8.3/apache2/php.ini +RUN sed -i '/zend.exception_ignore_args/c\zend.exception_ignore_args = 0' /etc/php/8.3/cli/php.ini RUN echo 'xdebug.mode=coverage' >> /etc/php/8.3/cli/php.ini # Start apache2 server diff --git a/tools/docker-dev/web/htpasswd b/tools/docker-dev/web/htpasswd index 2e7ce610..1400af50 100644 --- a/tools/docker-dev/web/htpasswd +++ b/tools/docker-dev/web/htpasswd @@ -1309,3 +1309,5 @@ user2002@org999.test:$apr1$Rgrex74Z$rgJx6sCnGQN9UVMmhVG2R1 # nonexistent users with an existent org user2003@org1.test:$apr1$Rgrex74Z$rgJx6sCnGQN9UVMmhVG2R1 user2004@org1.test:$apr1$Rgrex74Z$rgJx6sCnGQN9UVMmhVG2R1 +# unqualified users +user2005@org1.test:$apr1$Rgrex74Z$rgJx6sCnGQN9UVMmhVG2R1 diff --git a/webroot/admin/ajax/get_group_members.php b/webroot/admin/ajax/get_group_members.php index cebf4115..9d98e44e 100644 --- a/webroot/admin/ajax/get_group_members.php +++ b/webroot/admin/ajax/get_group_members.php @@ -54,23 +54,24 @@ $i++; } -foreach ($requests as $i => [$user, $timestamp, $firstname, $lastname, $email, $org]) { +foreach ($requests as $i => [$user, $timestamp]) { if ($i >= $count - 1) { echo "You are curently a principal investigator on the Unity Cluster
"; -} elseif ($hasGroups) { - echo "You are curently a user on the Unity Cluster
"; +} elseif ($USER->isQualified()) { + echo "You are curently a qualified user on the Unity Cluster
"; } else { echo "
- You are currently not assigned to any PI, and will be
+ You are currently an unqualified user, and will be
unable to use the cluster.
- Go to the
+ To become qualified, go to the
My PIs
page to join a PI, or click on the button below if you are a PI.
Do not click the button below if you are a student.
@@ -173,9 +164,24 @@
";
} else {
- echo "";
$onclick = "return confirm(\"Are you sure you want to request a PI account?\")";
- echo "";
+ $tos_url = CONFIG["site"]["terms_of_service_url"];
+ $account_policy_url = CONFIG["site"]["account_policy_url"];
+ echo "
+
+
+
+
+
+
+ ";
}
}
echo "";
diff --git a/webroot/panel/groups.php b/webroot/panel/groups.php
index d13327a0..cabefae3 100644
--- a/webroot/panel/groups.php
+++ b/webroot/panel/groups.php
@@ -37,21 +37,8 @@
array_push($modalErrors, "You're already in this PI group");
}
}
- if ($USER->uid != $SSO["user"]) {
- $sso_user = $SSO["user"];
- UnityHTTPD::badRequest(
- "cannot request due to uid mismatch: " .
- "USER='{$USER->uid}' SSO[user]='$sso_user'"
- );
- }
if (empty($modalErrors)) {
- $pi_account->newUserRequest(
- $USER,
- $SSO["firstname"],
- $SSO["lastname"],
- $SSO["mail"],
- $SSO["org"]
- );
+ $pi_account->newUserRequest($USER);
}
break;
case "removePIForm":
diff --git a/webroot/panel/new_account.php b/webroot/panel/new_account.php
index 604f95a4..336db9f1 100644
--- a/webroot/panel/new_account.php
+++ b/webroot/panel/new_account.php
@@ -2,211 +2,34 @@
require_once __DIR__ . "/../../resources/autoload.php";
-use UnityWebPortal\lib\exceptions\EntryNotFoundException;
use UnityWebPortal\lib\UnityHTTPD;
-use UnityWebPortal\lib\UnityGroup;
-use UnityWebPortal\lib\UnitySQL;
+use UnityWebPortal\lib\UnityUser;
if ($USER->exists()) {
UnityHTTPD::redirect(CONFIG["site"]["prefix"] . "/panel/account.php");
}
-
-$pending_requests = $SQL->getRequestsByUser($USER->uid);
-
if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (isset($_POST["new_user_sel"])) {
- if (!isset($_POST["eula"]) || $_POST["eula"] != "agree") {
- UnityHTTPD::badRequest("user did not agree to EULA");
- }
- if ($USER->uid != $SSO["user"]) {
- $sso_user = $SSO["user"];
- UnityHTTPD::badRequest(
- "cannot request due to uid mismatch: USER='{$USER->uid}' SSO[user]='$sso_user'"
- );
- }
- if ($_POST["new_user_sel"] == "not_pi") {
- $pi_groupname = $_POST["pi"];
- if (substr($pi_groupname, 0, 3) !== "pi_" && str_contains($pi_groupname, "@")) {
- try {
- $pi_groupname = UnityGroup::ownerMail2GID($pi_groupname);
- } catch (EntryNotFoundException) {
- }
- }
- $form_group = new UnityGroup($pi_groupname, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
- if (!$form_group->exists()) {
- UnityHTTPD::badRequest("The selected PI '" . $pi_groupname . "'does not exist");
- }
- $form_group->newUserRequest(
- $USER,
- $SSO["firstname"],
- $SSO["lastname"],
- $SSO["mail"],
- $SSO["org"]
- );
- }
- if ($_POST["new_user_sel"] == "pi") {
- if (!isset($_POST["confirm_pi"]) || $_POST["confirm_pi"] != "agree") {
- UnityHTTPD::badRequest("user did not agree to account policy");
- }
- $USER->getPIGroup()->requestGroup(
- $SSO["firstname"],
- $SSO["lastname"],
- $SSO["mail"],
- $SSO["org"],
- $SEND_PIMESG_TO_ADMINS
- );
- }
- } elseif (isset($_POST["cancel"])) {
- foreach ($pending_requests as $request) {
- if ($request["request_for"] == "admin") {
- $USER->getPIGroup()->cancelGroupRequest();
- } else {
- $pi_group = new UnityGroup(
- $request["request_for"],
- $LDAP,
- $SQL,
- $MAILER,
- $REDIS,
- $WEBHOOK
- );
- $pi_group->cancelGroupJoinRequest($user = $USER);
- }
- }
- }
+ $user = new UnityUser($SSO["user"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
+ $user->init($SSO["firstname"], $SSO["lastname"], $SSO["mail"], $SSO["org"]);
+ // header.php will redirect to this same page again and then this page will redirect to account
}
require $LOC_HEADER;
?>
-
You have pending account activation requests:
- -Ownership of PI Account/Group: $group_uid
Membership in PI Group owned by: $owner_uid
Requesting Ownership of PI Account/Group
-You will receive an email when your account has been approved.
-- $name if you have not heard back in one business day."; - ?> -
-Requesting Membership in a PI Group
-You will receive an email when your account has been approved by the PI.
-You may need to remind them.
-Please verify that the information below is correct before continuing
+Your unity cluster username will be
+| " . $firstname . " " . $lastname . " | "; - echo "" . $uid . " | "; - echo "" . $email . " | "; - echo "" . $date . " | "; + echo "$name | "; + echo "$uid | "; + echo "$date | "; echo ""; echo ""; echo " | "; echo "